Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 14 Oct 2015 18:57:35 +0200
From: Pere Orga <>
Cc: Drupal Security Team <>
Subject: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132
 to SA-CONTRIB-2015-156)


Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-132 - Administration Views - Information Disclosure

SA-CONTRIB-2015-133 - Path Breadcrumbs - Cross Site Scripting (XSS)

SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Scripting
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Request Forgery
SA-CONTRIB-2015-134 - OSF for Drupal - Access bypass

SA-CONTRIB-2015-135 - Time Tracker - Cross Site Scripting (XSS)

SA-CONTRIB-2015-136 - Commerce Commonwealth (CBA) - Insufficient
Verification of API Data

SA-CONTRIB-2015-137 - Quick Edit - Cross Site Scripting (XSS)

SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)

SA-CONTRIB-2015-139 - Workbench Email - Access bypass

SA-CONTRIB-2015-140 - Search API Autocomplete - Cross Site Scripting (XSS)

SA-CONTRIB-2015-141 - Ctools - Cross Site Scripting (XSS)
SA-CONTRIB-2015-141 - Ctools - Access bypass

SA-CONTRIB-2015-142 - Spotlight - Cross Site Scripting (XSS)

SA-CONTRIB-2015-143 - Zendesk Feedback Tab - Cross Site Scripting (XSS)

SA-CONTRIB-2015-144 - Mass Contact - Cross Site Scripting (XSS)

SA-CONTRIB-2015-145 - Fieldable Panels Panes - Access bypass

SA-CONTRIB-2015-146 - Twitter - Access bypass

SA-CONTRIB-2015-147 - RESTful - Access bypass

SA-CONTRIB-2015-148 - Drupal 7 driver for SQL Server and SQL Azure -
SQL Injection

SA-CONTRIB-2015-149 - amoCRM - Cross Site Scripting (XSS)

SA-CONTRIB-2015-150 - CMS Updater - Access bypass
SA-CONTRIB-2015-150 - CMS Updater - Cross Site Scripting (XSS)

SA-CONTRIB-2015-151 - Scald - Information Disclosure

SA-CONTRIB-2015-152 - User Dashboard - SQL Injection

SA-CONTRIB-2015-153 - Taxonomy Find - Cross Site Scripting (XSS)

SA-CONTRIB-2015-154 - Stickynote - Cross Site Scripting (XSS)

SA-CONTRIB-2015-155 - Entity Registration - Information Disclosure

SA-CONTRIB-2015-156 - Colorbox - Access bypass

Many thanks

Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.